Amendments to the Claims:

This listing of claims will replace all prior versions, and listings of claims in the application:

Listing of Claims:

1. (Currently Amended) In an access management system comprising an
identity system for managing identity profiles and an access system for providing security of 
resources across one or more web servers, a method for defining a custom workflow for 
managing entity identities, the method comprising the steps of: 

accessing, at the access management system, a template that indicates one or more 
parameters for defining one or more custom workflows for managing identity profiles, wherein 
said one or more parameters define operations to be performed on identity profiles as part of said 
one or more custom workflows; 

modifying the template by receiving input configured to define workflow 
customization options, wherein the modifying of the template is accomplished without the use of 
scripts by allowing a user to select and/or modify the workflow customization options which are 
presented to the user in a graphical user interface; 

dynamically creating, at the identity system, a definition of a first custom 
workflow for managing an identity profile for at least one user, based on said modified template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom 
workflow is configured to automate the process of managing the identity profile by executing the 
operation defined by one or more custom workflow parameters, wherein said dynamically
creating includes: 

determining a first set of possible data types for a particular action 
based on said template, 

reporting said first set of possible data types, and

receiving an indication of a variable for said first workflow, wherein
one of said data types from said first set of possible data types is a variable supplied
by another workflow; and

receiving a selection of a first data type for said variable; and 
storing, the identity system, said definition of said first custom workflow at a 
mass storage device. 

2. (Original) A method according to claim 1, wherein: 

said template includes a set of parameters for each action available to a workflow type.

3. (Original) A method according to claim 1, wherein: 
said template is an XML document. 



4. (Original) A method according to claim 1, further comprising the steps of:

adding data to said template after said step of storing;

creating a definition of a second workflow after said step of adding data; and

storing said definition of said second workflow.

5. (Original) A method according to claim 1, further comprising the step of:

creating said template.



6. (Original) A method according to claim 5, wherein said step of 
creating said template includes the steps of: 

adding a set of workflow types to said template; 

adding one or more actions for at least a subset of said workflow types; and 
adding parameters for at least a subset of said actions. 

7. (Original) A method according to claim 1, wherein:
said template applies to only one application.

8. (Original) A method according to claim 1, wherein:
said template includes parameters for creating objects, deleting objects and 
changing attributes. 

9. (Original) A method according to claim 1, wherein: 
said template includes parameters for self registration. 

10. (Original) A method according to claim 1, wherein: 

said template includes a parameter indicating whether supplied variables can be 
used in said step of creating. 

11. (Original) A method according to claim 1, wherein:

said template includes a parameter indicating whether additional workflows can
be used to supply data.

12. (Original) A method according to claim 11, wherein:

said additional workflows includes multiple levels of nesting of workflows. 

13. (Canceled) 

14. (Original) A method according to claim 1, wherein said step of 
creating includes the step of: 

accessing one or more parameters in said template; 

offering a set of options based on said accessed parameters; and 

receiving a selection of one or more of said offered options. 

15. (Original) A method according to claim 1, wherein said step of 
creating includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said first set of possible actions; and

receiving a selection of a first action of said first set of possible actions. 
16.-17. (Canceled) 

18. (Original) A method according to claim 1, wherein said step of 
creating includes the steps of: 

determining whether pre actions are available for a particular action based on said template;

reporting whether pre actions are available for said particular action; and 
receiving a selection of whether to add pre actions to said definition of said first 
workflow for said particular action. 

19. (Original) A method according to claim 1, wherein said step of 
creating includes the steps of: 

determining a first set of possible entry conditions for a particular action based on said template;

reporting said a first set of possible entry conditions; 

receiving a selection of a first entry condition of said first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a 
sub-workflow; and 

receiving an indication whether said first workflow should wait for said sub-workflow.

20. (Original) A method according to claim 1, wherein said step of
creating includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said first set of possible actions;

receiving a selection of a first action of said first set of possible actions;

determining a first set of possible data types for said first action based on said template;

reporting said first set of possible data types; 

receiving an indication of a variable for said first workflow; 

receiving a selection of a first data type for said variable; 

determining whether pre or post actions are available for said first action based on said template;

reporting whether pre or post actions are available for said first action; 
receiving a selection of whether to add pre or post actions to said definition of 
said first workflow for said first action; 

determining a first set of possible entry conditions for said first action based on said template;

reporting said a first set of possible entry conditions; 

receiving a selection of a first entry condition of said a first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a 
sub-workflow; and 

receiving an indication whether said first workflow should wait for said sub-workflow.

21. (Original) A method according to claim 1, wherein said step of 
creating includes the steps of: 

accessing one or more parameters in said template; 

offering a set of options in a graphical user interface based on said accessed 
parameters; and 

receiving a selection of one or more of said offered options using said graphical user interface.

22. (Currently Amended) One or more processor readable storage devices
having processor readable code embodied on said processor readable storage devices, said 
processor readable code comprising software executable by an access management system 
comprising an identity system for managing identity profiles and an access system for providing 
security of resources across one or more web servers, the set of instructions comprising: 

instructions for the access management system to access a template that indicates 
one or more parameters for defining one or more custom workflows for managing identity 
profiles, wherein said one or more parameters comprise one or more parameters that define an 
operation to be performed on identity profiles as part of said one or more custom workflows; 

instructions for the identity system to modify the template by receiving input 
configured to define workflow customization options, wherein the modifying of the template is 
accomplished without the use of scripts by allowing a user to select and/or modify the workflow 
customization options which are presented to the user in a graphical user interface; 

instructions for the identity system to dynamically create a definition of a first 
custom workflow for managing an identity profile for at least one user, based on said template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom 
workflow is configured to automate the process of managing the identity profile by executing the 
operation defined by one or more custom workflow parameters, and wherein said instructions
to dynamically create said definition comprise: 

instructions to determine a first set of possible entry conditions for a 
particular action based on said template, 

instructions to report said first set of possible entry conditions; 
instructions to receive a selection of a first entry condition of said first 
set of possible entry conditions, 

instructions to determine and reporting whether said first entry 
condition is associated with a sub-workflow, and 

instructions to receive an indication whether said first workflow
should wait for said sub-workflow; and

instructions for the identity system to store said definition of said first custom
workflow at a mass storage device.

23. (Previously Presented) One or more processor readable storage
devices according to claim 22, wherein said set of instructions further comprises: 

instructions to add data to said template after said step of storing; 

instructions to create a definition of a second workflow after said step of adding data; and

instructions to store said definition of said second workflow. 

24. (Previously Presented) One or more processor readable storage 
devices according to claim 22, wherein said set of instructions further comprises instructions to 
create said template, said instructions to create said template comprising: 

instructions to add a set of workflow types to said template; 

instructions to add one or more actions for at least a subset of said workflow types; and

instructions to add one or more parameters for at least a subset of said actions. 

25. (Original) One or more processor readable storage devices according 
to claim 22, wherein: 

said template includes parameters for self registration. 

26. (Original) One or more processor readable storage devices according 
to claim 22, wherein: 

said template includes a parameter indicating whether additional workflows can 
be used to supply data. 

27. (Original) One or more processor readable storage devices according 
to claim 26, wherein: 

said additional workflows includes multiple levels of nesting of workflows.

28. (Canceled)

29. (Previously Presented) One or more processor readable storage 
devices according to claim 22, wherein said instructions to create said definition comprise: 

instructions to access one or more parameters in said template; 

instructions to offer a set of options in a graphical user interface based on said 
accessed parameters; and 

instructions to receive a selection of one or more of said offered options using 
said graphical user interface. 

30. (Previously Presented) One or more processor readable storage 
devices according to claim 22, wherein said wherein said instructions to create said definition 
comprise: 

instructions to determine a first set of possible actions for a particular step based 
on said template; 

instructions to report said first set of possible actions; and 

instructions to receive a selection of a first action of said first set of possible actions.

31. (Previously Presented) One or more processor readable storage
devices according to claim 22, wherein said instructions to create said definition comprise: 

instructions to determine a first set of possible data types for a particular action 
based on said template; 

instructions to report said first set of possible data types; 

instructions to receive an indication of a variable for said first workflow; and 

instructions to receive a selection of a first data type of said variable, said first 
data type is a variable supplied by another workflow. 

32. (Canceled)

33. (Currently Amended) An access management system having an identity
system for managing identity profiles and an access system for providing security of resources 
across one or more web servers, the access management system comprising: 

a communication interface; and 

one or more processors in communication with said communication interface; and 
a computer readable medium having embodied thereon a set of instructions 
executable by the one or more processors, the set of instructions comprising: 

instructions for the access management system to access a template that 
indicates one or more parameters for defining one or more custom workflows for 
managing identity profiles, wherein said one or more parameters define operations to be 
performed on identity profiles as part of said one or more custom workflows; 

instructions for the access management system to modify the template by 
receiving input configured to define workflow customization options, wherein the 
modifying of the template is accomplished without the use of scripts by allowing a user 
to select and/or modify the workflow customization options which are presented to the 
user in a graphical user interface; 

instructions for the identity system to dynamically create a definition of a 
first custom workflow for managing an identity profile for at least one user, based on said 
template, wherein said identity profile is used by said access management system to 
control access by said at least one user to said resources across one or more web servers, 
wherein the first custom workflow is configured to automate the process of managing the 
identity profile by executing the operation defined by one or more custom workflow 
parameters, wherein said instructions to dynamically create said definition comprise:

instructions to determine a first set of possible entry conditions 
for a particular action based on said template, 

instructions to report said a first set of possible entry conditions,

instructions to receive a selection of a first entry condition of
said first set of possible entry conditions,

instructions to determine and reporting whether said first
entry condition is associated with a sub-workflow, and

instructions to receive an indication whether said first 
workflow should wait for said sub-workflow; and

instructions for the identity system to store said definition of said first 
custom workflow at a mass storage device. 

34. (Previously Presented) An access management system according to 
claim 33, wherein: 

said template includes a parameter indicating whether additional workflows can 
be used to supply data, said additional workflows includes multiple levels of nesting of 
workflows. 

35. (Canceled) 

36. (Previously Presented) An access management system according to 
claim 33, wherein said instructions to create said definition comprise: 

instructions to access one or more parameters in said template; 

instructions to offer a set of options in a graphical user interface based on said 
accessed parameters; and 

instructions to receive a selection of one or more of said offered options using 
said graphical user interface. 

37. (Currently Amended) An[[J]_access management system according to 
claim 33, wherein said instructions to create said definition comprise: 

instructions to determine a first set of possible actions for a particular step based 
on said template; 

instructions to report said a first set of possible actions; and 

instructions to receive a selection of a first action of said a first set of possible actions.

38. (Previously Presented) An access management system according to
claim 33, wherein said instructions to create said definition comprise: 

instructions to determine a first set of possible data types for a particular action 
based on said template; 

instructions to report said first set of possible data types; 

instructions to receive an indication of a variable for said first workflow; and 

instructions to receive a selection of a first data type of said variable, said first 
data type is a variable supplied by another workflow. 

39. - 40. (Canceled) 

41. (Previously Presented) A method according to claim 1, wherein the
at least one entity is selected from among the group consisting of at least one user, at least one 
group and at least one organization. 

42. - 44. (Canceled) 

45. (Currently Amended) A method according to claim[[43]] 1, wherein 
performing the one of the one or more actions comprises: 

the client program composing an extended markup language ("XML") document 
comprising a request for the one of the one or more actions; 

the client program transmitting the XML document for reception by an application;

the application performing the one of the one or more actions; 
the application transmitting a second XML document for reception by the client 
program, the second XML document comprising an output message. 

46. (Previously Presented) A method according to claim 45, wherein 
the client program communicates with the application using the simple object access protocol
("SOAP").

47. (New) In an access management system comprising an identity system for
managing identity profiles and an access system for providing security of resources across one or 
more web servers, a method for defining a custom workflow for managing entity identities, the 
method comprising the steps of: 

accessing, at the access management system, a template that indicates one or more 
parameters for defining one or more custom workflows for managing identity profiles, wherein 
said one or more parameters define operations to be performed on identity profiles as part of said 
one or more custom workflows; 

modifying the template by receiving input configured to define workflow 
customization options, wherein the modifying of the template is accomplished without the use of 
scripts by allowing a user to select and/or modify the workflow customization options which are 
presented to the user in a graphical user interface; 

dynamically creating, at the identity system, a definition of a first custom 
workflow for managing an identity profile for at least one user, based on said modified template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom 
workflow is configured to automate the process of managing the identity profile by executing the 
operation defined by one or more custom workflow parameters, wherein said dynamically 
creating includes: 

determining a first set of possible entry conditions for a particular action 
based on said template, 

reporting said a first set of possible entry conditions; 

receiving a selection of a first entry condition of said first set of possible 
entry conditions, 

determining and reporting whether said first entry condition is associated 
with a sub-workflow, and 

receiving an indication whether said first workflow should wait for said
sub-workflow; and

storing, the identity system, said definition of said first custom workflow at a
mass storage device. 

48. (New) In an access management system comprising an identity system for 
managing identity profiles and an access system for providing security of resources across one or 
more web servers, a method for defining a custom workflow for managing entity identities, the 
method comprising the steps of: 

accessing, at the access management system, a template that indicates one or more 
parameters for defining one or more custom workflows for managing identity profiles, wherein 
said one or more parameters define operations to be performed on identity profiles as part of said 
one or more custom workflows; 

modifying the template by receiving input configured to define workflow 
customization options, wherein the modifying of the template is accomplished without the use of 
scripts by allowing a user to select and/or modify the workflow customization options which are 
presented to the user in a graphical user interface; 

dynamically creating, at the identity system, a definition of a first custom 
workflow for managing an identity profile for at least one user, based on said modified template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom 
workflow is configured to automate the process of managing the identity profile by executing the 
operation defined by one or more custom workflow parameters, wherein said creating includes: 
determining a first set of possible actions for a particular step based on said template,

reporting said first set of possible actions, 

receiving a selection of a first action of said first set of possible actions, 
determining a first set of possible data types for said first action based on said template,

reporting said first set of possible data types, 

receiving an indication of a variable for said first workflow,

receiving a selection of a first data type for said variable,

determining whether pre or post actions are available for said first action based on said template,

reporting whether pre or post actions are available for said first action, 
receiving a selection of whether to add pre or post actions to said definition of said first workflow for said first action,

determining a first set of possible entry conditions for said first action based on said template,

reporting said a first set of possible entry conditions, 

receiving a selection of a first entry condition of said a first set of possible entry conditions,

determining and reporting whether said first entry condition is associated 
with a sub-workflow; and 

receiving an indication whether said first workflow should wait for said 
sub-workflow; and 

storing, the identity system, said definition of said first custom workflow at a 
mass storage device. 

49. (New) In an access management system comprising an identity system for 
managing identity profiles and an access system for providing security of resources across one or 
more web servers, a method for defining a custom workflow for managing entity identities, the 
method comprising the steps of: 

accessing, at the access management system, a template that indicates one or more 
parameters for defining one or more custom workflows for managing identity profiles, wherein 
said one or more parameters define operations to be performed on identity profiles as part of said 
one or more custom workflows; 

modifying the template by receiving input configured to define workflow 
customization options, wherein the modifying of the template is accomplished without the use of
scripts by allowing a user to select and/or modify the workflow customization options which are
presented to the user in a graphical user interface; 

dynamically creating, at the identity system, a definition of a first custom 
workflow for managing an identity profile for at least one user, based on said modified template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom 
workflow is configured to automate the process of managing the identity profile by executing the 
operation defined by one or more custom workflow parameters; and 

storing, the identity system, said definition of said first custom workflow at a 
mass storage device, wherein said workflow performs a task selected from the group consisting 
of: creating a user, deleting a user, subscribing a user to a group, enrolling a certificate, renewing 
a certificate, revoking a certificate, and changing a user attribute. 

50. (New) In an access management system comprising an identity system for 
managing identity profiles and an access system for providing security of resources across one or 
more web servers, a method for defining a custom workflow for managing entity identities, the 
method comprising the steps of: 

accessing, at the access management system, a template that indicates one or more 
parameters for defining one or more custom workflows for managing identity profiles, wherein 
said one or more parameters define operations to be performed on identity profiles as part of said 
one or more custom workflows; 

modifying the template by receiving input configured to define workflow 
customization options, wherein the modifying of the template is accomplished without the use of 
scripts by allowing a user to select and/or modify the workflow customization options which are 
presented to the user in a graphical user interface; 

dynamically creating, at the identity system, a definition of a first custom 
workflow for managing an identity profile for at least one user, based on said modified template, 
wherein said identity profile is used by said access management system to control access by said 
at least one user to said resources across one or more web servers, wherein the first custom
workflow is configured to automate the process of managing the identity profile by executing the
operation defined by one or more custom workflow parameters; 

storing, the identity system, said definition of said first custom workflow at a 
mass storage device; 

invoking the workflow by a workflow engine, wherein the workflow comprises a 
set of actions comprising one or more actions; 

performing one of the one or more actions by a client program; 

passing, by the workflow engine, to the client program a callback handle uniform 
request locator (callback URL); 

pausing the workflow by the workflow engine; 

upon completion of the one or more actions, invoking, by the client program, the 
callback URL; and 

upon an invocation of the callback URL, restarting, by the workflow engine, the workflow.